11/16/2012

Skype Security Loophole Exploited – Some Customer Operations and Information Put at Risk

There are a number of widgets, tools and add-ons that website owners are now using to make their sites more vibrant and interactive than ever. Gone are the days when most websites were nothing but static pages and the most advanced websites just had a bit of Flash to display. Today’s sites are more interactive as business owners reach out to their website visitors, and Skype is a big part of that movement. The problem is that webmasters who use Skype may have left themselves open to a security loophole that may have them scrambling to get their accounts back. Why would you have to get your account back when you didn’t do anything to lose it? Here’s the 411 on the Skype fiasco…

A Security Hole Exploited

On Wednesday morning some Skype customers discovered they couldn’t access their accounts. Imagine that you have customers who regularly rely on you to communicate with them via Skype and, for some reason unknown to you, your password and login information just aren’t working. Try as you might to log into your Skype account, it just isn’t happening.

The above scenario would be frustrating. There is a point, however, when it would become an absolute nightmare. This is when you discover that not only are you unable to get into your Skype account, but someone else can. Someone has exploited Skype’s security loophole and has changed your login and password. This individual now has access to your Skype account. For all you know, that person may be communicating with your customers and who knows what they are saying. But that’s not where the nightmare ends.

This person, whoever it is who hacked your Skype account, now has your personal information including your name and possibly your date of birth. Anything that is saved in your Skype account is what this person now holds in their hands.

Unfortunately this is not a “what-if” scenario. This is exactly what happened when some Skype customers realized their accounts had been compromised.

Working to Fix the Issue

Skype worked quickly to fix the issue once it was brought to their attention, temporarily suspending the password reset feature. Fortunately it does not seem as though many websites were affected. There is, however, a lesson to be learned here – and that lesson is about the importance of security.

Unfortunately Alertra cannot monitor an attack such as the one mentioned above. A DDoS attack? We have you covered. Someone stealing your password? That is something that not even we can prevent.

What you can do, instead of taking your whole website down when such a thing occurs, is simply disable the feature on your site that has been affected. You may not be able to use that website feature until you get things sorted out, but at least your entire site won’t have to go down during the process.

Also make sure that any password-protected features on your site don’t have any loopholes in their security. Do whatever you can to protect your website and your customers’ information. Skype does its best, but the loophole was there and it was exploited. Don’t let the same thing happen to your site and definitely don’t let such a security loophole cause customer interference or website downtime.